Subsonic Forum

[sir2u]

Is there any way to get LDAPS working for authentication? I'm using Tomcat 6 on Ubuntu 10.04. I've managed to get SSL working with APR. I have a working LDAP configuration, and I've set this up with other applications like Cacti and Splunk. All I need to know is can Subsonic make an LDAPs connection? And if so, where is it looking for CA certs?

I'm trying to do a writeup for all this once I figure out this last piece.

Thanks!

[cybertronian]

This post is a bit old, but I was also having problems with getting LDAPS working with my self-signed CA certificate.

The standalone Ubuntu/Debian install of subsonic 4.5 uses the default java CA keystore, which is located here on Ubuntu 11.04:

Code: Select all

/etc/ssl/certs/java/cacerts

You should already have the CA certificate from the SSL setup of LDAP. The normal location for CA certs in Ubuntu is:

Code: Select all

/etc/ssl/certs

If your CA certificate is in a different location, then modify the directions below accordingly. The CA cert has to be in DER format, so if yours is in PEM format do the following first:

Code: Select all

sudo openssl x509 -in /etc/ssl/certs/CACERT.PEM -inform pem -out /etc/ssl/certs/CACERT.DER -outform der

Replace CACERT.PEM with the name of your certificate file and CACERT.DER with the name for the DER formatted file. Now you can import the DER formatted CA cert into the main java CA keystore file:

Code: Select all

sudo keytool -importcert -alias self-CA -keystore /etc/ssl/certs/java/cacerts -file /etc/ssl/certs/CACERT.der

Again, replace CACERT with the name of the DER certificate file from the previous step. Then restart subsonic:

Code: Select all

sudo service subsonic restart